Study finds concerns regarding readiness for cyberattacks

WASHINGTON — A study commissioned by President Barack Obama to assess the nation’s ability to respond to terrorist attacks and man-made and natural disasters has found that state and local officials have the most confidence in their public health and medical services but are the most concerned about whether agencies can respond to cyberattacks.

The report, conducted by the Federal Emergency Management Agency, said that state and local officials also felt unprepared to provide adequate housing in their communities after a disaster.

Called the National Preparedness Report, the assessment is the first of its kind released by the federal agency and was intended to serve as a baseline for preparedness.

In March 2011, Obama signed a directive ordering the federal government to release an annual report on the nation’s response capacities, which have received intense scrutiny since the Sept. 11 attacks and Hurricane Katrina.

The report said that the nation had a highly responsive health care system, in part because a significant majority of hospitals have the staff, training and capacity to deal with epidemics and other medical emergencies. All but three states said they had “sufficient staffing capacity to work five 12-hour days for six to eight weeks” in response to an epidemic.

It also praised the coordination among federal, state and local officials for sharing information and intelligence, and the ability of the authorities to deploy lifesaving and life-sustaining operations quickly.

But it was the report’s findings about cybersecurity that appeared to be the most troubling, and they continued a drumbeat from the Obama administration about the need for Congress to pass legislation giving the Department of Homeland Security the authority to regulate computer security for the country’s infrastructure.

The report said that cybersecurity “was the single core capability where states had made the least amount of overall progress” and that only 42 percent of state and local officials believed that their cybersecurity was adequate.

Although a little more than 80 percent of officials said they had adopted cybersecurity measures, 45 percent said they did not have a formal program to prevent and respond to attacks.

The report said that roughly two-thirds of those officials reported that they had not updated their “information security or disaster recovery plans in at least two years.”

The report did cite the Secret Service, which has been battered recently by a prostitution scandal, for “dismantling some of the largest known cybercriminal organizations.”